clevis-21-6.fc42

List of Findings

Error: SHELLCHECK_WARNING (CWE-569): [#def1]
/usr/bin/clevis:30:16: warning[SC2124]: Assigning an array to a string! Assign as array, or use * instead of @ to concatenate.
#   28|   
#   29|   cmd=clevis
#   30|-> input_commands="$cmd $@"
#   31|   
#   32|   while [ $# -gt 0 ]; do

Error: SHELLCHECK_WARNING (CWE-88): [#def2]
/usr/bin/clevis-decrypt-tpm2:24:34: error[SC2068]: Double quote array expansions to avoid re-splitting elements.
#   22|   if command -v clevis-pin-tpm2 >/dev/null;
#   23|   then
#   24|->     exec clevis-pin-tpm2 decrypt $@
#   25|   fi
#   26|   

Error: SHELLCHECK_WARNING (CWE-569): [#def3]
/usr/bin/clevis-luks-bind:81:10: warning[SC2124]: Assigning an array to a string! Assign as array, or use * instead of @ to concatenate.
#   79|   fi
#   80|   
#   81|-> if ! PIN="${@:$((OPTIND++)):1}" || [ -z "$PIN" ]; then
#   82|       echo "Did not specify a pin!" >&2
#   83|       usage

Error: SHELLCHECK_WARNING (CWE-569): [#def4]
/usr/bin/clevis-luks-bind:89:10: warning[SC2124]: Assigning an array to a string! Assign as array, or use * instead of @ to concatenate.
#   87|   fi
#   88|   
#   89|-> if ! CFG="${@:$((OPTIND++)):1}" || [ -z "$CFG" ]; then
#   90|       echo "Did not specify a pin config!" >&2
#   91|       usage

Error: SHELLCHECK_WARNING (CWE-563): [#def5]
/usr/bin/clevis-luks-unbind:95:13: warning[SC2034]: slot appears unused. Verify use (or export if used externally).
#   93|       fi
#   94|   
#   95|->     read -r slot state uuid < <(luksmeta show -d "$DEV" | grep "^$SLT *")
#   96|   
#   97|       if [ "$uuid" == "empty" ]; then

Error: SHELLCHECK_WARNING (CWE-457): [#def6]
/usr/lib/dracut/modules.d/60clevis-pin-tang/module-setup.sh:38:11: warning[SC2154]: hostonly_cmdline is referenced but not assigned.
#   36|   
#   37|   install() {
#   38|->     if [ "${hostonly_cmdline}" = "yes" ] && have_tang_bindings; then
#   39|           echo "rd.neednet=1" > "${initdir}/etc/cmdline.d/99clevis-pin-tang.conf"
#   40|       fi

Error: SHELLCHECK_WARNING (CWE-457): [#def7]
/usr/lib/dracut/modules.d/60clevis-pin-tang/module-setup.sh:39:32: warning[SC2154]: initdir is referenced but not assigned.
#   37|   install() {
#   38|       if [ "${hostonly_cmdline}" = "yes" ] && have_tang_bindings; then
#   39|->         echo "rd.neednet=1" > "${initdir}/etc/cmdline.d/99clevis-pin-tang.conf"
#   40|       fi
#   41|   

Error: SHELLCHECK_WARNING: [#def8]
/usr/lib/dracut/modules.d/60clevis-pin-tpm2/module-setup.sh:39:26: error[SC2283]: Remove spaces around = to assign (or use [ ] to compare, or quote '=' if literal).
#   37|   
#   38|   installkernel() {
#   39|->     hostonly='' instmods =drivers/char/tpm
#   40|   }

Error: SHELLCHECK_WARNING (CWE-457): [#def9]
/usr/lib/dracut/modules.d/60clevis/module-setup.sh:33:13: warning[SC2154]: systemdsystemunitdir is referenced but not assigned.
#   31|       if dracut_module_included "systemd"; then
#   32|           inst_multiple \
#   33|->             $systemdsystemunitdir/clevis-luks-askpass.service \
#   34|               $systemdsystemunitdir/clevis-luks-askpass.path \
#   35|               /usr/lib/systemd/systemd-reply-password \

Error: SHELLCHECK_WARNING (CWE-457): [#def10]
/usr/lib/dracut/modules.d/60clevis/module-setup.sh:38:30: warning[SC2154]: initdir is referenced but not assigned.
#   36|               /usr/libexec/clevis-luks-askpass
#   37|   
#   38|->         systemctl -q --root "$initdir" add-wants cryptsetup.target clevis-luks-askpass.path
#   39|       else
#   40|           inst_hook initqueue/online 60 "$moddir/clevis-hook.sh"

Error: SHELLCHECK_WARNING (CWE-457): [#def11]
/usr/lib/dracut/modules.d/60clevis/module-setup.sh:40:40: warning[SC2154]: moddir is referenced but not assigned.
#   38|           systemctl -q --root "$initdir" add-wants cryptsetup.target clevis-luks-askpass.path
#   39|       else
#   40|->         inst_hook initqueue/online 60 "$moddir/clevis-hook.sh"
#   41|           inst_hook initqueue/settled 60 "$moddir/clevis-hook.sh"
#   42|           inst_multiple \

Error: GCC_ANALYZER_WARNING (CWE-775): [#def12]
clevis-21-build/clevis-21/src/luks/udisks2/clevis-luks-udisks2.c:289:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pull[0]’
clevis-21-build/clevis-21/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
#  287|       if (*fd >= 0)
#  288|           close(*fd);
#  289|->     *fd = -1;
#  290|   }
#  291|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def13]
clevis-21-build/clevis-21/src/luks/udisks2/clevis-luks-udisks2.c:289:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pull[1]’
clevis-21-build/clevis-21/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
clevis-21-build/clevis-21/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
#  287|       if (*fd >= 0)
#  288|           close(*fd);
#  289|->     *fd = -1;
#  290|   }
#  291|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def14]
clevis-21-build/clevis-21/src/luks/udisks2/clevis-luks-udisks2.c:289:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘push[0]’
clevis-21-build/clevis-21/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
#  287|       if (*fd >= 0)
#  288|           close(*fd);
#  289|->     *fd = -1;
#  290|   }
#  291|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def15]
clevis-21-build/clevis-21/src/luks/udisks2/clevis-luks-udisks2.c:289:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘push[1]’
clevis-21-build/clevis-21/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
#  287|       if (*fd >= 0)
#  288|           close(*fd);
#  289|->     *fd = -1;
#  290|   }
#  291|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def16]
clevis-21-build/clevis-21/src/luks/udisks2/clevis-luks-udisks2.c:289:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘push[t]’
clevis-21-build/clevis-21/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
clevis-21-build/clevis-21/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
clevis-21-build/clevis-21/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
#  287|       if (*fd >= 0)
#  288|           close(*fd);
#  289|->     *fd = -1;
#  290|   }
#  291|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def17]
clevis-21-build/clevis-21/src/luks/udisks2/clevis-luks-udisks2.c:399:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pull[0]’
clevis-21-build/clevis-21/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
clevis-21-build/clevis-21/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
#  397|   
#  398|       safeclose(&pull[PIPE_RD]);
#  399|->     return bytes;
#  400|   
#  401|   error:

Error: GCC_ANALYZER_WARNING (CWE-775): [#def18]
clevis-21-build/clevis-21/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
clevis-21-build/clevis-21/src/luks/udisks2/clevis-luks-udisks2.c:399:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pull[1]’
/usr/include/glib-2.0/glib/gtestutils.h:32: included_from: Included from here.
/usr/include/glib-2.0/glib.h:89: included_from: Included from here.
/usr/include/glib-2.0/gobject/gbinding.h:30: included_from: Included from here.
/usr/include/glib-2.0/glib-object.h:24: included_from: Included from here.
/usr/include/glib-2.0/gio/gioenums.h:30: included_from: Included from here.
/usr/include/glib-2.0/gio/giotypes.h:30: included_from: Included from here.
/usr/include/glib-2.0/gio/gio.h:28: included_from: Included from here.
/usr/include/udisks2/udisks/udiskstypes.h:28: included_from: Included from here.
/usr/include/udisks2/udisks/udisks.h:25: included_from: Included from here.
clevis-21-build/clevis-21/src/luks/udisks2/clevis-luks-udisks2.c:20: included_from: Included from here.
clevis-21-build/clevis-21/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
#  397|   
#  398|       safeclose(&pull[PIPE_RD]);
#  399|->     return bytes;
#  400|   
#  401|   error:

Error: GCC_ANALYZER_WARNING (CWE-688): [#def19]
clevis-21-build/clevis-21/src/pins/pkcs11/clevis-pkcs11-afunix-socket-unlock.c: scope_hint: In function ‘get_control_socket_name’
clevis-21-build/clevis-21/src/pins/pkcs11/clevis-pkcs11-afunix-socket-unlock.c:64:48: warning[-Wanalyzer-null-argument]: use of NULL ‘p’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
#   62|   get_control_socket_name(const char* file_sock, char* control_sock, uint32_t control_sock_len) {
#   63|       char *p = strstr(file_sock, ".sock");
#   64|->     size_t prefix_length = strlen(file_sock) - strlen(p);
#   65|       memset(control_sock, 0, control_sock_len);
#   66|       memcpy(control_sock, file_sock, prefix_length);

Error: GCC_ANALYZER_WARNING (CWE-479): [#def20]
clevis-21-build/clevis-21/src/pins/pkcs11/clevis-pkcs11-afunix-socket-unlock.c: scope_hint: In function ‘int_handler’
clevis-21-build/clevis-21/src/pins/pkcs11/clevis-pkcs11-afunix-socket-unlock.c:187:9: warning[-Wanalyzer-unsafe-call-within-signal-handler]: call to ‘fprintf’ from within signal handler
#  185|   static void int_handler(int s) {
#  186|       if(logfile) {
#  187|->         fprintf(logfile, "Closing, received signal:[%d]\n", s);
#  188|           fclose(logfile);
#  189|       }

Error: GCC_ANALYZER_WARNING (CWE-479): [#def21]
clevis-21-build/clevis-21/src/pins/pkcs11/clevis-pkcs11-afunix-socket-unlock.c:190:5: warning[-Wanalyzer-unsafe-call-within-signal-handler]: call to ‘exit’ from within signal handler
clevis-21-build/clevis-21/src/pins/pkcs11/clevis-pkcs11-afunix-socket-unlock.c:190:5: note: ‘_exit’ is a possible signal-safe alternative for ‘exit’
#  188|           fclose(logfile);
#  189|       }
#  190|->     exit(EXIT_FAILURE);
#  191|   }
#  192|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def22]
clevis-21-build/clevis-21/src/pins/sss/clevis-decrypt-sss.c: scope_hint: In function ‘main’
clevis-21-build/clevis-21/src/pins/sss/clevis-decrypt-sss.c:226:20: warning[-Wanalyzer-malloc-leak]: leak of ‘*pin.pt’
clevis-21-build/clevis-21/src/pins/sss/sss.h:21: included_from: Included from here.
clevis-21-build/clevis-21/src/pins/sss/clevis-decrypt-sss.c:39: included_from: Included from here.
#  224|   
#  225|                   pin->pt = malloc(ptl);
#  226|->                 if (!pin->pt)
#  227|                       goto egress;
#  228|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def23]
clevis-21-build/clevis-21/src/pins/sss/sss.c: scope_hint: In function ‘call’
clevis-21-build/clevis-21/src/pins/sss/sss.c:363:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(dump[0], 0)’
#  361|   
#  362|       if (*pid == 0) {
#  363|->         if (dup2(dump[PIPE_RD], STDIN_FILENO) < 0 ||
#  364|               dup2(load[PIPE_WR], STDOUT_FILENO) < 0)
#  365|               exit(EXIT_FAILURE);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def24]
clevis-21-build/clevis-21/src/pins/sss/sss.c:363:51: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(load[1], 1)’
#  361|   
#  362|       if (*pid == 0) {
#  363|->         if (dup2(dump[PIPE_RD], STDIN_FILENO) < 0 ||
#  364|               dup2(load[PIPE_WR], STDOUT_FILENO) < 0)
#  365|               exit(EXIT_FAILURE);

Scan Properties

analyzer-version-clippy: 1.82.0
analyzer-version-cppcheck: 2.16.0
analyzer-version-gcc: 14.2.1
analyzer-version-gcc-analyzer: 15.0.0
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-206.us-west-2.compute.internal
mock-config: fedora-rawhide-gcc-latest-x86_64
project-name: clevis-21-6.fc42
store-results-to: /tmp/tmp6e3q2o29/clevis-21-6.fc42.tar.xz
time-created: 2024-11-12 23:24:56
time-finished: 2024-11-12 23:26:18
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmp6e3q2o29/clevis-21-6.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmp6e3q2o29/clevis-21-6.fc42.src.rpm'
tool-version: csmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9